{"id":"CVE-2018-1081","details":"A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.","aliases":["GHSA-v9xq-vh72-chr4"],"modified":"2026-04-11T17:15:01.088037Z","published":"2018-04-04T21:29:00.213Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103728"},{"type":"ADVISORY","url":"https://moodle.org/mod/forum/discuss.php?d=367938"},{"type":"FIX","url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moodle/moodle","events":[{"introduced":"0"},{"last_affected":"0bd0ee444a07818fc495c95697ea1ec1a6abeefb"},{"introduced":"268abfacc54c4cbf9722c1502569b311c7caefff"},{"last_affected":"f41a17331714b7dd95425ad979bffa1cc74c002a"},{"introduced":"b182239f21c38ea57cddb41b0c03ef3eb02709f8"},{"last_affected":"36c7af0e7e1e62918da262668114a8b759f39768"},{"introduced":"b87a580aa3eb23d5f05d7f619fc40a89e0f86fe5"},{"last_affected":"330fa046d56a31f6d69fd35d53476afaead55535"},{"introduced":"665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87"},{"last_affected":"c9236c6860d763916d8c7a0f8c5c63f37a0e3a0f"}],"database_specific":{"cpe":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"3.0.10"},{"introduced":"3.1"},{"last_affected":"3.1.10"},{"introduced":"3.2"},{"last_affected":"3.2.7"},{"introduced":"3.3"},{"last_affected":"3.3.4"},{"introduced":"3.4.0"},{"last_affected":"3.4.1"}],"source":"CPE_FIELD"}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.2.0","v1.2.1","v1.3.0","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.1","v2.1.0","v2.2.0","v2.2.0-beta","v2.2.0-rc1","v2.3.0","v2.3.0-beta","v2.3.0-rc1","v2.4.0","v2.4.0-beta","v2.4.0-rc1","v2.5.0","v2.5.0-beta","v2.5.0-rc1","v2.6.0","v2.6.0-beta","v2.6.0-rc1","v2.7.0","v2.7.0-beta","v2.7.0-rc1","v2.7.0-rc2","v2.8.0","v2.8.0-beta","v2.8.0-rc1","v2.8.0-rc2","v2.9.0","v2.9.0-beta","v2.9.0-rc1","v2.9.0-rc2","v3.0.0","v3.0.0-beta","v3.0.0-rc1","v3.0.0-rc2","v3.0.0-rc3","v3.0.0-rc4","v3.0.1","v3.0.10","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8","v3.0.9","v3.1.0","v3.1.1","v3.1.10","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.8","v3.1.9","v3.2.0","v3.2.1","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6","v3.2.7","v3.3.0","v3.3.1","v3.3.2","v3.3.3","v3.3.4","v3.4.0","v3.4.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1081.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}